Cisco 400-251 Online Practice Questions and Exam Preparation

Cisco 400-251 Online Questions & Answers

• Question 461:

  Which statement about OSPFv2 configuration on ASA is t rue?

  A. ASA can exist as ABR but not as ASBR
  B. It supports stub area and not-so-stubby areas
  C. It does not support virtual links
  D. It only supports MDS authentication with the peers
  E. Routing decision is based on the hop counts to the destination
  F. It allows only one routing process to be configured
  B. It supports stub area and not-so-stubby areas

• Question 462:

  

  Refer to the exhibit. Users are unable to access web servers 192.168.101.3/24 and 192.168.102.3/24 using Firefox web browser when initiated from 172.16.1.0/24 network. What could be the possible cause?

  A. Identification profile "allow Profile" has incorrect source subnet
  B. Access policy "allow policy" is pointing to incorrect identification profile
  C. Identification profile "allow Profile" has incorrect protocol
  D. Access policy "allow policy" has incorrect action set for the custom URL category
  E. Custom URL category "allowed sites" has incorrect servers address listed
  F. Identification profile "allowed Profile" has misconfigured user agent
  F. Identification profile "allowed Profile" has misconfigured user agent

• Question 463:

  

  Refer to the exhibit. Which level of encryption is set by this configurations?

  A. 1024-bit
  B. 192-bit
  C. 56-bit
  D. 168-bit
  D. 168-bit

• Question 464:

  Which statement about ASA clustering requirements is true?

  A. Units in the cluster must be in the same geographical locations.
  B. Units in the cluster can be running different software version as long as they have identical hardware configuration.
  C. Units in the cluster can have different hardware configuration as long as they are running the same software version.
  D. Only routed mode is allowed in the Single context mode.
  E. Units in the cluster can be in different security context modes.
  F. Units in the cluster cannot have different amount of flash memory
  A. Units in the cluster must be in the same geographical locations.

• Question 465:

  

  Refer to the exhibit. Which two statements about the given IPv6 ZBF configuration are true? (Choose two)

  A. It inspects TCP, UDP, ICMP, and FTP traffic from z1 to z2.
  B. It provides backward compatibility with legacy IPv4 inspection.
  C. It inspects TCP, UDP, ICMP, and FTP traffic from z2 to z1.
  D. It passes TCP, UDP, ICMP, and FTP traffic in both directions between z1 and z2.
  E. It provides backward compatibility with legacy IPv6 inspection.
  F. It passes TCP, UDP, ICMP, and FTP traffic from z1 to z2.
  A. It inspects TCP, UDP, ICMP, and FTP traffic from z1 to z2.
  E. It provides backward compatibility with legacy IPv6 inspection.

• Question 466:

  

  Refer to the exhibit. There is no ICMP connectivity from BranchPC to the Engineering server at 192.168.4.1. Based on the provided FTD1 access policy and network topology in the exhibits.

  What could be the possible reason for this failure?

  A. The VLAN tags configuration is missing in the access rule
  B. The source network address is incorrect in the access rule
  C. The required port configuration is missing in the access rule
  D. The zone configuration is missing in the access rule
  E. The server network address is incorrect m the access rule
  F. The rule action is incorrect in the access rule
  C. The required port configuration is missing in the access rule

• Question 467:

  In a large organization, with thousands of employees scattered across the globe, it is difficult to provision and onboard new employee devices with the correct profiles and certificates. With ISE, it is possible to do client provided which four conditions are met. (Choose four)

  A. Endpoint operating System should be supported
  B. Client provisioning is enabled on ISE
  C. The pxGrid controller should be enabled on ISE
  D. Device MAC Addresses are added to the Endpoint Identity Group
  E. Profiling is enabled on ISE
  F. SCEP Proxy enabled on ISE
  G. Microsoft windows Server is configured with certificate services
  H. ISE should be configured as SXP listener to push SGT-To-IP mapping to network access devices
  I. Network access devices and ISE should have the PAC provisioning for CTS environment authentication.
  B. Client provisioning is enabled on ISE
  D. Device MAC Addresses are added to the Endpoint Identity Group
  E. Profiling is enabled on ISE
  F. SCEP Proxy enabled on ISE

• Question 468:

  A network architect must migrate the legacy infrastructure switches of a customer from a Cisco Nexus 9000 platform. Which process helps achieve t his milestone?

  A. Allow guests temporary access to the CLI without logging in
  B. Manage software upgrades via guest shell
  C. Create a container providing separate execution space
  D. Setup a Web-based interface for configuration management
  E. Operates in a client/server model
  F. Web-based repository hosting service
  A. Allow guests temporary access to the CLI without logging in

• Question 469:

  Which three statements about VRF-Aware Cisco Firewal are true?(Choose three)

  A. It supports both global and per-VRF commands and DoS parameters
  B. It enables service providers to deploy firewalls on customer devices
  C. It can generate syslog messages that are visible only to individual VPNs
  D. It can support VPN networks with overlapping address ranges without NAT
  E. It enables service providers to implement firewalls on PE devices
  F. It can run as more than one instance.
  C. It can generate syslog messages that are visible only to individual VPNs
  E. It enables service providers to implement firewalls on PE devices
  F. It can run as more than one instance.

• Question 470:

  What are the three configurations in which SSL VPN can be implemented?(Choose three)

  A. PVC Tunnel Mode
  B. Thin-Client
  C. WebVPN
  D. L2TP over IPSec
  E. CHAP
  F. AnyConnect Tunnel Mode
  G. Clientless
  B. Thin-Client
  C. WebVPN
  F. AnyConnect Tunnel Mode
  G. Clientless